Are you Australian? I don't think you understand what happened. The change wasn't removing signing as a requirement, it was removing signing as an _option_. It hadn't been a requirement in years (decades?). When I was working in fast food someone tried to use a signature roughly once a day max and typically they were using a business account.
> Goodness knows what it cost but there was a giant campaign to get everyone to ensure they had a pin number on their cards.
I never saw this... It was widely reported in the media but use of signatures was rare enough that few people cared.
> And at the same time, you can use PayWave to just wave a credit card for a transaction with no PIN required - presumably for smaller transactions.
Not presumably, the maximum is $100 and when you reach the $100 limit you still wave, you just need to enter a PIN afterwards.
> I've wondered what sort of security issue PayWave is..... what if somehow a criminal got a PayWave reader and surreptitiously touched it to everyone's bag and pocket on a crowded train? Is there a possible exploit there somewhere?
It's not bulletproof but damage is pretty limited:
- If you use an actual portable payment terminal to process transactions on the spot, the fraud rate will be incredibly high and you're not likely to keep any of the money. The transactions will be reverse and you'll be fined and/or prosecuted.
- If you capture a token and try to use it, you have to do it before the actual owner does because if the bank sees tokens out of order it'll freeze the card.
- Banks have pretty good guarantees on contactless fraud.
Good post, thanks. Australia really is on the forefront of this; we may be behind on a lot of other things, but not NFC payments.
Edit: And my Samsung Pay works contactless as well, and is linked to my bank account same as my MasterCard plastic - but with the added advantage of giving me instant electronic receipts.
We really are. It seems crazy that Australian banks had contactless phone payment apps (that actually worked pretty much everywhere) before Google and Apple.
http://www.theaustralian.com.au/business/financial-services/...
> Goodness knows what it cost but there was a giant campaign to get everyone to ensure they had a pin number on their cards.
I never saw this... It was widely reported in the media but use of signatures was rare enough that few people cared.
> And at the same time, you can use PayWave to just wave a credit card for a transaction with no PIN required - presumably for smaller transactions.
Not presumably, the maximum is $100 and when you reach the $100 limit you still wave, you just need to enter a PIN afterwards.
> I've wondered what sort of security issue PayWave is..... what if somehow a criminal got a PayWave reader and surreptitiously touched it to everyone's bag and pocket on a crowded train? Is there a possible exploit there somewhere?
It's not bulletproof but damage is pretty limited:
- If you use an actual portable payment terminal to process transactions on the spot, the fraud rate will be incredibly high and you're not likely to keep any of the money. The transactions will be reverse and you'll be fined and/or prosecuted.
- If you capture a token and try to use it, you have to do it before the actual owner does because if the bank sees tokens out of order it'll freeze the card.
- Banks have pretty good guarantees on contactless fraud.